Over 1 Billion Login Credentials Leaked, Here’s How to See if You Were Compromised – By Cameron Summerson, www.howtogeek.com
Maxim Apryatin/Shutterstock.comPhoto by: Maxim Apryatin/Shutterstock.com
Good morning! A whole slew of usernames and plaintext passwords were leaked for a number of different sites—at 772 million and 21 million respectively, it’s the largest data leak in history. Here’s how to make sure your information is still safe.
The 15-minute Chromebook tune-up – By Jr Raphael, www.computerworld.com
As far as computers go, Chromebooks are almost shockingly low-maintenance. Google's Chrome OS operating system updates itself silently and automatically — as do most of the core apps associated with the platform — and it doesn't get gunked up and slowed down over time, as traditional operating systems tend to do. There's no antivirus software to fret over, either, and little in the way of complicated settings or compatibility concerns.
New Flag Enables Powerful Feature For Chromebook Files App – By Robby Payne, chromeunboxed.com
If you are a user who’s made the transition to Chromebooks from a more standard OS like Mac OS or Windows, file management could be a little different for you.
9 Most Useful Chrome Browser Extensions – By Natasha Stokes, www.techlicious.com
Using Chrome? One of the greatest features of Google’s nimble, speedy browser is the sheer volume of free extensions available from the Chrome store. These extensions are essentially software add-ons that enhance the browser’s performance, tacking on extra capabilities to what you can do within its confines.
Want stronger passwords? Understand these 4 common password security myths – By Fahmida Y. Rashid, www.csoonline.com
Talking about password security is a guaranteed crowd-snoozer, a surefire way to make people shut down and tune out, but the reality is that passwords are still important. Email or social media, online banking or gaming, educational applications or online services—anything that keeps some kind of user data still depends on passwords to keep miscreants out. Attackers will continue merrily looting bank accounts and taking over online services if users don’t step up and use better passwords.
Windows 7 Only Has One Year of Security Patches Left – By Chris Hoffman, www.howtogeek.com
Microsoft will stop supporting Windows 7 with security updates on January 14, 2020. It’s like Windows XP all over again—but much worse. Many more people are sticking with Windows 7 than stuck with XP.
YubiKey 5 NFC security key review – By Liz Rodriguez, the-gadgeteer.com
REVIEW – In a previous YubiKey review, I mentioned how we now live in a world where many websites are being compromised. Along with mobile authenticator apps available, using a hardware device such as the YubiKey is great for extra login security. I had the opportunity to take a look at the newest of Yubico’s hardware keys; the YubiKey 5 NFC. Let’s take a look!
It’s Time to Dispel These Dangerous Password Security Myths – By Mike Elgan, securityintelligence.com
These are exciting times for authentication technologies. We’ve only just begun to explore a new world beyond passwords. Emerging alternatives abound, from biometrics to multifactor authentication (MFA) to behavioral analysis and many other innovative ideas.
New Year’s resolutions: Get your passwords shipshape – By Tomáš Foltýn, www.welivesecurity.com
In case there are some blank entries in your laundry list of New Year’s resolutions, we have a few tips for a bit of cybersecurity ‘soul searching’. Here’s the first batch, looking at how you can fix your good ol’ passwords.
Google's Public DNS now works with Android 9 Pie – By Corbin Davenport, www.androidpolice.com
A Domain Name System, or DNS for short, is the component of your network connection that looks up the server IPs after you enter a domain name (e.g. androidpolice.com). Most people use the default DNS services from their ISPs/carriers, but alternatives have existed for years, like Google Public DNS. Google announced today that its DNS service finally supports DNS-over-TLS, meaning it can be set as the system-wide DNS provider on Android 9 Pie.
When you use Google Public DNS, you are changing your DNS "switchboard" operator from your ISP to Google Public DNS.
'You can't relax': Here's why 2-factor authentication may be hackable – By Jennifer Schlesinger | Andrea Day, www.cnbc.com
In a quest to make online accounts safer, many services now offer two-factor authentication. The system typically sends a code to a user's mobile phone that they need log in, along with a username and password.
Lock Down Your Tech in 2019 With These Resolutions – By Justin Pot, www.howtogeek.com
If you’re a human person who occasionally engages in commerce, hackers are probably targeting you. This year, resolve to do something about it.
You know you need to take better care of your personal information, but you keep putting it off.
How to Create a System Image Backup in Windows 7, 8, or 10 – By Walter Glenn, www.howtogeek.com
The built-in backup utilities in Windows are pretty solid. Let’s take a look at how to create a full backup image of your PC without the need for a third party utility.
You Should Freeze Your Child’s Credit. It’s Not Hard. Here’s How. – By Ron Lieber, www.nytimes.com
A new law requiring credit bureaus to offer you free freezes applies to children, too. It’s easier than you’d expect, but you may still have questions. Here are some answers.
A new Google Chrome attack can freeze your Windows 10 device – By Anmol, mspoweruser.com
A new exploit has been discovered in Google Chrome that can potentially freeze Windows 10 devices completely. The new bug is being used in a tech support scam that freezes Windows 10 and then tells the user that their device is infected by a virus.
Why you need to use a password manager – By Zack Whittaker, techcrunch.com
If you thought passwords will soon be dead, think again. They’re here to stay — for now. Passwords are cumbersome and hard to remember — and just when you did, you’re told to change it again. And sometimes passwords can be guessed and are easily hackable.
How Safe is Mint.com? – By Curtis Hearn, smartmoneynation.com
A few weeks ago, Equifax, one of the world’s largest repository of personal financial information, announced it had been hacked. Over 140 million consumers’ personal data was stolen, including credit card numbers for some of those affected.
ProtonMail now lets you import emails in bulk from Gmail, Yahoo, and others – By Paul Sawers, venturebeat.com
Encrypted email startup ProtonMail is making it easier for users to import their emails from other providers, in a move that could help stoke use of ProtonMail’s service. Additionally, the company will also enable users to backup their emails locally by exporting them to their hard drive.
SMS or authenticator app – which is better for two-factor authentication? – By Maria Varmazis, nakedsecurity.sophos.com
In the comments of one of our recent two-factor authentication (2FA) articles, we received a question about whether it was better to use an SMS (text message) code as your second factor of authentication or to use a dedicated authenticator app to generate the code.
Protecting an account with multi-factor authentication (MFA) is a no-brainer, but that doesn’t mean every method for doing this is equally secure.
This is the future of authentication, according to security experts – By Abhimanyu Ghoshal, thenextweb.com
Passwords may not have been much of an annoyance back in the 1960s, when they were first believed to have been introduced to the world of computing. But as we’ve increasingly adopted a wide range of personal gadgets and online services, they’ve become a pain to manage, and a point of vulnerability that hackers can exploit when conditions are in their favor.
LastPass FULL TUTORIAL Password Manager – By David A. Cox, www.youtube.com VIDEO
Password management is a major problem for a lot of people and today I would like to demonstrate the solution which I feel at this point is the best option on the market.
Primer: How to lock your online accounts with a security key – By Seth Rosenblatt, the-parallax.com
A tiny slab of circuitry can lock down your online accounts against some of the most determined attacks—unless your sites, your browser, or your own inertia get in the way.
Things You Should Know Before Enabling Two-Factor Authentication – By Nitin Sharma, medium.freecodecamp.org
With Cybersecurity becoming a big concern, two-factor authentication (2FA) is a topic that is becoming hotter with each passing day.
After all, who doesn’t want to keep their private data safe? Two-factor authentication may not be a bulletproof solution but is one of the easiest and best ways to shore up your virtual security.
Google Drive's New Backup Feature Reminded Me I Have No Backup Plan – By Patrick Lucas Austin, lifehacker.com
If you don’t have an offsite cloud storage plan (and you really should), Google’s newest update to its cloud storage service Google Drive is ready to fix your gaping data backup hole by letting you pick which folders on your device you’d like to back up to Google Drive instead of forcing you to put the files into a single Google Drive folder. It’s called Backup & Sync.
Google Smart Lock: The complete guide – By Jr Raphael, www.computerworld.com
Think fast: How many times a day do you pick up your phone to look at something? Unless you live in the tundra or have far more self-control than most, the answer probably falls somewhere between "quite a few" and "more than any sane person could count." Assuming you keep your device properly secured, that means you're doing an awful lot of unlocking — be it with your face, your fingerprint, or the code you tap or swipe onto your screen.
The Pros and Cons of Two-Factor Authentication Types and Methods – By Saikat Basu, www.makeuseof.com
If you aren’t using two-factor authentication yet, you’re way behind and leaving your accounts vulnerable to hackers and phishers. How safe do you actually feel when a password is the only thing standing between a stranger and your bank account? Not too safe, I hope.
How to Avoid Fingerprint Scams in Apps – By David Murphy, lifehacker.com
It’s great when an app allows you to add extra security—a fingerprint scan or a depth map of your face, for example—to access its contents. In case someone ever gets their hands on your unlocked device (or figures out your PIN), it’ll be trickier for them to access critical apps, like your banking apps, if they don’t have your finger or face nearby.
U2F Explained: How Google and Other Companies Are Creating a Universal Security Token – By Chris Hoffman, www.howtogeek.com
U2F is a new standard for universal two-factor authentication tokens. These tokens can use USB, NFC, or Bluetooth to provide two-factor authentication across a variety of services. It’s already supported in Chrome for Google, Dropbox, and GitHub accounts. Microsoft is working on implementing it in Edge.
Top 5 ways to pick a secure password By Tom Merritt, www.techrepublic.com
Oh, passwords. Someday the FIDO alliance or somebody will save us from them. Until that heady day, we still need them and we need to choose ones that are really hard to guess. Even if you have two-factor authentication turned on—which you should—secure passwords are still a good idea. Fire up your Horse Battery Staple, here are five things to know to pick a good password.
How Password Constraints Give You a False Sense of Security By David Murphy, lifehacker.com
The next time you’re forced to make a password—especially if a site requires you to use a crazy combination of uppercase and lowercase letters, or a number, or a symbol—don’t assume that these attempts at obfuscation automatically mean that your password is incredible and secure.
Microsoft Accounts Now Support Passwordless Login via FIDO 2 Security Keys By Lucian Armasu, www.tomshardware.com
Microsoft and Yubico announced today that all Microsoft account owners using the latest Windows 10 version (build 1089) and the Edge browser will be able to log in to their accounts using nothing but a FIDO2/WebAuthn-enabled security key like Yubikey 5.
USPS Site Exposed Data on 60 Million Users by krebsonsecurity.com
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
How to Tell if Your Account Has Been Hacked By Lorenzo Franceschi-bicchierai, motherboard.vice.com
Hackers routinely target high profile victims like politicians or wealthy cryptocurrency investors. But you could become a target too. Maybe an abusive former partner wants to stalk you, or a run-of-the-mill cybercriminal wants to get into your bank account.
Major SMS security lapse is a reminder to use authenticator apps instead By Jon Porter, www.theverge.com
A recent data breach has exposed a database of around 26 million text messages containing private customer information, reports TechCrunch. In addition to the privacy concerns, the breach also highlights the dangers of relying on SMS messages for receiving two-factor authentication codes or account reset links, which sees sensitive information sent over an unencrypted communications platform.
Google Brings Enhanced Network Features to Project Fi By Paul Thurrott, www.thurrott.com
Google announced today that it is introducing enhanced networking functionality to its Project Fi wireless network. Among the changes are improvements to the Project Fi VPN and a faster, more seamless way to intelligently switch between Wi-Fi and cellular networks.
Logging In With A USB Key (U2F Explained) by Techquickie VIDEO – USB keys that use Universal Two-Factor, or U2F, are an elegant way to log into your important accounts without having to enter a six-digit code every time. How do they work, and are they a good idea for you?
Privacy.com: Protect Your Bank Accounts By Justin, operational-security.com
It is no secret that I am a major fan of Blur, the privacy service that allows you to mask your email address and phone number. One of my favorite features of Blur is credit card masking – the ability to create one-time-use credit card numbers that are billed to your real credit card. A new service has come along that allows you to create one-time use credit card numbers. The service is a little bit different than Blur, and has some advantages and disadvantages. It is called Privacy.com.
Why You Should Start Using Two-Factor Authentication Now By Cristina Chipurici, heimdalsecurity.com
Imagine waking up on a splendid spring day, opening your laptop and realising that you can’t access your online accounts anymore. Your email has been breached, your website, your most precious work, is now gone, and your credit card was used for shady transactions.
In a nutshell, this is what I experienced almost 6 years ago.
For years, two-factor authentication has been the most important advice in personal cybersecurity — one that consumer tech companies were surprisingly slow to recognize. The movement seemed to coalesce in 2012, after journalist Mat Honan saw hackers compromise his Twitter, Amazon, and iCloud accounts, an incident he later detailed in Wired. At the time, few companies offered easy forms of two-factor, leaving limited options for users worried about a Honan-style hack. The result was a massive public campaign that demanded companies to adopt the feature, presenting two-factor as a simple, effective way to block account takeovers.
Beyond Passwords: 2FA, U2F and Google Advanced Protection by www.troyhunt.com
Last week I wrote a couple of different pieces on passwords, firstly about why we're going to be stuck with them for a long time yet and then secondly, about how we all bear some responsibility for making good password choices. A few people took some of the points I made in those posts as being contentious, although on reflection I suspect it was more a case of lamenting that we shouldn't be in a position where we're still dependent on passwords and people needing to understand good password management practices in order for them to work properly.
Why you should use a password manager By Jack Wallen, www.techrepublic.com
Your password is weak. Is it your birthday? The birthday of your kids? Your anniversary? Or is it password123? Consider this: It only takes 14.17 minutes to crack a nine-digit password (such as 123456789) that consists of the numbers 1-9. Using a botnet or supercomputer, that same password can be cracked in .0085 seconds. So that weak-sauced password you use for every account you have can be hacked pretty easily.
How to Use Authy To Keep Your Data Safe by OnlineBusinessRealm VIDEO
Authenticator Apps By Twit Netcast Network, www.youtube.com Video
What is phishing? How this cyber attack works and how to prevent it By Josh Fruhlinger, www.csoonline.com
Phishing is a cyber attack that uses disguised email as a weapon. The goal is to trick the email recipient into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and to click a link or download an attachment.
In the classic 1973 heist movie The Sting, two con men—played by Robert Redford and Paul Newman—build a fictitious world in a Depression-era Chicago basement to defraud a corrupt banker. They make an offtrack-betting room, hire actors to ensure the scene is convincing, and even enlist pretend law enforcement to fake-bust their mark. The film is memorable because it is one of the finest movies in the genre, well written and funny, but also because the duo’s work is so meticulously detailed.
Busting SIM Swappers and SIM Swap Myths by krebsonsecurity.com
KrebsOnSecurity recently had a chance to interview members of the REACT Task Force, a team of law enforcement officers and prosecutors based in Santa Clara, Calif. that has been tracking down individuals engaged in unauthorized “SIM swaps” — a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.
5 Simple Windows Security Tips You've Got No Excuse to Ignore By David Nield, gizmodo.com
Computer security doesn’t really have to be hard. Some of the smallest, simplest measures can be the most effective in keeping your devices secure—they won’t take long, they’re easy to do, and you don’t really have any excuse for not doing them.
How to spot a phishing email By Andrew Burton, www.carbonite.com
Phishing and other social engineering attacks are only increasing in frequency, and unfortunately, sophistication. However, there are a number of common indicators of a phishing attack. Knowing what to look for goes a long way to protect yourself against attacks. If you spot any of the following tip-offs, proceed with caution.
Windows Defender Now Offers Ultra Secure Sandbox Mode, Here’s How To Turn It On By Chris Hoffman, www.howtogeek.com
Windows 10’s built-in antivirus can now run in a sandbox. Even if an attacker compromises the antivirus engine, they wouldn’t have access to the rest of the system. As Google’s Tavis Ormandy puts it, “this is game changing.”
Don't Get Caught in a Phishing Scam! – By Dottotech, www.youtube.com Video
Secure Your Accounts and Passwords With a Hardware Token By David Murphy, lifehacker.com
Two-factor authentication is a quick, easy way to add extra security to your accounts (or password managers). For even more security and peace of mind, consider buying a hardware token like the YubiKey or Google Titan. They’re incredibly easy to set up, and as long as you keep the USB accessory on or near you—on your keyring, for example—you’ll be able to authenticate into supported accounts and services as quickly as typing in a password. And since nobody else will have your hardware authenticator, your accounts will be protected from other attackers.
A Guide to Common Types of Two-Factor Authentication on the Web By Jacob Hoffman-andrews, www.eff.org
Two-factor authentication (or 2FA) is one of the biggest-bang-for-your-buck ways to improve the security of your online accounts. Luckily, it's becoming much more common across the web. With often just a few clicks in a given account's settings, 2FA adds an extra layer of security to your online accounts on top of your password.
The Different Forms of Two-Factor Authentication: SMS, Autheticator Apps, and More By Chris Hoffman, www.howtogeek.com
Many online services offer two-factor authentication, which enhances security by requiring more than just your password to sign in. There are many different types of additional authentication methods you can use.
Two-Factor Authentication: Who Has It and How to Set It Up By Eric Griffith, www.pcmag.com
In 2014, the Heartbleed exploit left everyone's login information potentially up for grabs thanks to one itty-bitty piece of code, and in the past few years, our security nightmares have only gotten worse. In fact, more data was leaked in the first half of 2017 than in all of 2016 combined.
How to Use LastPass for More Than Just Managing Passwords By Chris Hoffman, www.howtogeek.com
LastPass is more than just a password manager. It’s an encrypted vault where you can store secure notes, secret bookmarks, and even entire files. It can also save your address and credit card numbers and fill those into online forms.
Use Your Password Manager for Security Answers, Too By David Murphy, lifehacker.com
It’s been a while since I’ve had to type in some stupid answer to a made-up question when creating an account on a new service. You know what I’m talking about: Forget your password, and you can regain access to your account by typing in the name of your first pet (Mr. Mrglglrm), your favorite sports team (Saskatoon Sirens), or the street you grew up on (Third Street).
Google using lock screen passwords to encrypt Android Cloud backups By Lisa Vaas, nakedsecurity.sophos.com
Google’s got your back when it comes to your backups, it says – and it’s even promising to keep its own peepers off the goods.